Use this procedure to manually grant Full Disk Access to macOS sensors.

Procedure

  1. In System Settings, open the Privacy & Security pane and scroll down to Full Disk Access.
  2. Open a new, separate Finder window.
  3. Go to the /Applications/VMware Carbon Black Cloud/ folder.
  4. Position this Finder window next to the previously opened Privacy & Security > Full Disk Access pane.

    Position new Finder window next to Privacy & Security > Full Disk Access

    Important: Because of a limitation of the pane, you must drag-and-drop sensor bundles from a separate Finder window instead of clicking + to add them. Adding items with + may not support granting access by individual binaries.
  5. Drag-and-drop the VMware CBCloud bundle folder from the Finder window to the Full Disk Access pane and set the slider to Enabled. This step grants Full Disk Access to the CBC SysEXT.
  6. Grant Full Disk Access to the following four executables by binary file, not by bundle. Navigate to each binary relative to the /Applications/VMware Carbon Black Cloud/ top-level folder:
    • repmgr.bundle/Contents/MacOS/repmgr
    • LiveQuery.bundle/Contents/MacOS/osqueryi
    • UnInstaller.bundle/Contents/MacOS/UnInstaller
    • uninstall.bundle/Contents/MacOS/uninstall
  7. Starting with the repmgr bundle, navigate to the binary by using the Finder right-click Show Package Contents menu option.

    Show Package Contents menu option

  8. Navigate to the binary within the bundle Contents/MacOS folders and select the binary file.

    Select binary for FDA

  9. Drag-and-drop the binary to the Full Disk Access pane and set the slider to Enabled.

    Drag and drop binary into FDA pane

  10. Repeat steps 8 through 9 for the remaining three bundle binaries. When finished, the pane should look like this:

    Full Disk Access bundles

  11. Verify that Full Disk Access is successfully enabled. It takes approximately one hour for RepCLI to successfully report Full Disk Access changes. To verify the change immediately, restart the endpoint.
  12. Open a Terminal window and run the RepCLI status command (requires admin password):
    sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli status

    RepCLI displays a sensor information report that includes Full Disk Access. In the Full Disk Access Configuration section, the expected output is "Configured Manually" for the five sensor items.

    RepCLI status output example
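
One way to script the check in step 12, as an added example that is not part of the original procedure or the vendor's tooling. The function names, the sample reports and the assumed section layout are assumptions; only the section title, the "Configured Manually" string, the count of five items and the repcli path come from this page.

```shell
#!/bin/sh
# Added example, not vendor code. Assumed report layout: an unindented heading
# containing "Full Disk Access", then one indented line per sensor item,
# ended by a blank or unindented line.
EXPECTED_ITEMS=5   # the procedure expects five sensor items

# Read status text on stdin; print how many lines inside the Full Disk Access
# section read "Configured Manually".
fda_manual_count() {
    awk '
        /Full Disk Access/ && !in_sec       { in_sec = 1; next }
        in_sec && (/^[^ \t]/ || /^[ \t]*$/) { in_sec = 0 }
        in_sec && /Configured Manually/     { n++ }
        END { print n + 0 }
    '
}

# Exit status 0 only when every expected item is manually configured.
fda_check() {
    count=$(fda_manual_count)
    [ "$count" -eq "$EXPECTED_ITEMS" ]
}

# Constructed sample reports: labels, layout and "Other State" are illustrative.
FDA_ROWS='    System Extension: Configured Manually
    repmgr: Configured Manually
    osqueryi: Configured Manually
    UnInstaller: Configured Manually'
SAMPLE_OK="Example Section:
    Example Field: value

Full Disk Access Configuration:
$FDA_ROWS
    uninstall: Configured Manually

Another Section:
    Note: Configured Manually"
SAMPLE_PARTIAL="Full Disk Access Configuration:
$FDA_ROWS
    uninstall: Other State"

# On an endpoint (path from step 12):
#   sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli status | fda_check
printf '%s\n' "$SAMPLE_OK" | fda_check && echo "sample 1: all $EXPECTED_ITEMS items Configured Manually"
printf '%s\n' "$SAMPLE_PARTIAL" | fda_check || echo "sample 2: Full Disk Access incomplete"
```

The count is scoped to the Full Disk Access section, so the same string appearing elsewhere in the report does not mask a missing grant.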